Whenever you are creating a web site using Joomla CMS you need to check your security! After I finish my projects, I make sure to check these crucial 15 points to keep the site(s) build with Joomla protected!
Joomla security checklist

Joomla Security Checklist:

  1. Don’t use the default super admin username (admin, administrator or root). Change it!
  2. Change admin password with a very strong one. You can use the build-in password generator in CPanel.
  3. Create a new user, give it super admin rights, then delete the old admin account (optional). This is for changing ID of the admin user (before 2.5.5 Joomla version).
  4. Block access to the admin panel by using special .htaccess file.
  5. Delete unnecessary extensions. This way you will improve your site’s speed and improvements as well!
  6. Rename htaccess.txt file to .htaccess and make sure RewriteEngine is set to On.
  7. I recommend to install Akeeba Backup extension, which will backup your website with one-click. Set time for the server and for the admin user.
  8. Look in your website structure about unwanted files and delete them (.psd files, project files, etc.)
  9. Make sure you have latest version of Joomla! If not, update! It’s a must!
  10. Check configuration.php file permissions. Set it to 644, or much better to 444.
  11. Do not use the standard jos_ table prefix. Change it quickly!
  12. Remove version number/name of the extensions. Remove Joomla! version number.
  13. Remove Joomla! meta generator tag.
  14. Use a SEF component (see some here). Modify the new path to /log and /tmp folders.
  15. Moving sensitive files outside the web root.

Here is another article + video about the protection of your Joomla site and Joomla security issues + one free security file.

Our Joomla Security Checklist will allow you to be always protected and indulge in new web design and SEO projects instead of recovering a hacked site!

To expand your Joomla CMS knowledge you can watch our course dedicated to Joomla!